[Webkit-unassigned] [Bug 126627] New: IDNs containing Unicode combining marks should be displayed in Punycoded form
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 8 01:08:12 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=126627
Summary: IDNs containing Unicode combining marks should be
displayed in Punycoded form
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Critical
Priority: P2
Component: New Bugs
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mathias at qiwi.be
For security reasons, internationalized domain names containing Unicode combining marks should be displayed in Punycoded form in Safari’s address bar.
Someone could register xn--apple-xvd.com and it would display in Safari’s address bar as apple͢.com, which enables all kinds of phishing attacks.
See <http://blog.dinaburg.org/2014/01/stupid-idn-tricks-unicode-combining.html>.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list